Role-Based Access To Portable Personal Health Records

Steele, Robert; Min, Kyongho

doi:10.1109/icmss.2009.5301451

Cited by 10 publications

(6 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Generally two main techniques are used to secure health records: encryption and access control, being combined most of the time. However, pure access control approaches [3,29] do not provide the needed protection as we can not trust the EHR server where the access control is enforced.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

et al. 2014

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

“…Encryption and access control create synergies for the benefit of system security. Some approaches [3,29] find access control alone to be adequate. However, neither access control nor encryption alone can guarantee the security of EHRs by themselves.…”

Section: Relationship To Access Controlmentioning

confidence: 99%

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

et al. 2014

View full text Add to dashboard Cite

“…However, they mostly do not discuss architectural details. HealthPass [9,10] is a mobile-based PHR system that enables the exchange of PHR data with a physician at the pointof-care. The system uses a Health Certificate Authority to authenticate the entity (e.g.…”

Section: Introductionmentioning

confidence: 99%

A mobile-based architecture for integrating personal health record data

Aboelfotoh

Martin

Hassanein

2014

2014 IEEE 16th International Conference on E-Health Networking, Applications and Services (Healthcom)

View full text Add to dashboard Cite

Personal Health Record (PHR) systems provide patients with access to their own records, as well as control over who accesses their record. There are many PHR system providers available on the market. These PHR systems, however, have little means to integrate with healthcare facilities in the healthcare system network. This paper proposes a Personal Health Record (PHR) system solution which allows for exchange of patient data at the point-of-care using the patient's mobile device. The objective is to outline and address the issues that arise when adopting an hybrid PHR architecture that comprises a mobile component and an online remote server component. Preliminary tests are conducted in order to assess the system's usability.

show abstract

“…The goal is to have strong security features to manage independently administrated domains the mainstream commerce systems for which it was designed. In [13], RBAC model is used to implement a secure access policy in Electronic health information systems. This system is designed to offer better health care services for patients and to help doctors and other health care workers to treat and diagnose diseases.…”

Section: Introductionmentioning

confidence: 99%

“…With respect to [22], the above techniques don't give the consistency verification of policies. Some more important works have used Colored Petri Nets [11,12,13,14,22] where the coverability tree (or graph) is used to analyze some properties and the consistency of the RBAC policies. We will present a more detailed discussion about these last works in section two.…”

Section: Introductionmentioning

confidence: 99%

Using Timed Colored Petri Nets and CPN-tool to Model and Verify TRBAC Security Policies

Kahloul

Djouani

Tfaili

2010

Electronic Workshops in Computing

View full text Add to dashboard Cite

Role Based Access Control (RBAC) is one of the most used models in designing and implementation of security policies in large networking systems. The classical model doesn't consider temporal aspects which are so important in such policies. Temporal RBAC (TRBAC) is proposed to deal with these aspects. Although the elegance of these models, design a security policy remains a challenge. One is obliged to prove the consistency and the correctness of the policy. Using formal verification allows proving that the designed policy is consistent. In this paper 1 , we present a formal modelling/analysis approach for TRBAC policies. We use Timed Colored Petri Nets to model the TRBAC policy, and then CPN-tool is used to analyze the generated models. The analysis allows proving many important properties about the TRBAC security policy.

show abstract

Role-Based Access To Portable Personal Health Records

Cited by 10 publications

References 13 publications

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

A mobile-based architecture for integrating personal health record data

Using Timed Colored Petri Nets and CPN-tool to Model and Verify TRBAC Security Policies

Contact Info

Product

Resources

About